It seems like every few weeks another web site or online service is breached. When that happens, user account information is almost always stolen, and usually published online.

If you have an account on a breached site or service, you may not be in any immediate danger. Often, only email addresses are published. Sometimes account/user names are also published. Occasionally, encrypted passwords are published, and when that happens, the weaker of those passwords are also quickly decrypted. The worst case scenario is where you’ve used a single, weak password for several different web sites or services.

After learning about a breach on a site or service, your first step should be to determine whether you have an account there. If you do, you should sign in and change the account’s password immediately (sometimes this is forced by the site owner in response to a breach). Then, if you’ve used the same account/email + password anywhere else, sign in to those other sites and change those passwords. Then stop using the same password everywhere, and start using a password manager like Password Corral.

If you’re not sure where you’ve used a particular account/user name or email address, you should start by searching for them on the Have I Been Pwned site. ‘Pwn’ is gamer slang for ‘own’, if you were wondering. Enter a username or email address, and the site will search it them in all known lists of breach data.